ffa542fffd417200aaaca12518708291_JaffaCakes118

General

Target

ffa542fffd417200aaaca12518708291_JaffaCakes118
Size

50KB
MD5

ffa542fffd417200aaaca12518708291
SHA1

316c049e9356bcd638eca06633a388611cd9475c
SHA256

c3bf9dc1678c147f79396d4c0c47dc9452e1b8609d12f8686c630d3599c1f90c
SHA512

4cb0dbcf24e69940c1a4ed73790f7dd5cc88697ede6fe448530cd235c3bdee4625c10acf35333ac1ba99025265f5dabbec10efafd99954629b2a5f4a40e6b2c6
SSDEEP

1536:8H5Ia2cvjMDYXPFTU6DP2zHFu+F+vd8Ua70R2lHYNXq:8H5I4YDIPFTUpzF48Ua70R2lHYt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ffa542fffd417200aaaca12518708291_JaffaCakes118

Files

ffa542fffd417200aaaca12518708291_JaffaCakes118
.sys windows:4 windows x86 arch:x86

53b0dfc4d638ac6462bc98ca7720ec15

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmGetSystemRoutineAddress
RtlInitUnicodeString
wcscat
wcscpy
ZwClose
PsCreateSystemThread
ZwQueryValueKey
ZwOpenKey
_except_handler3
ObfDereferenceObject
ObQueryNameString
ObReferenceObjectByHandle
RtlCompareUnicodeString
IoGetCurrentProcess
ExGetPreviousMode
ZwSetValueKey
PsGetVersion
ExFreePool
ExAllocatePoolWithTag
IofCompleteRequest
ZwWriteFile
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
IoRegisterDriverReinitialization
ZwDeleteValueKey
KeDelayExecutionThread
_wcsnicmp
wcslen
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
wcsncmp
towlower
ZwEnumerateKey
strncmp
strncpy
_strnicmp
wcsstr

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 288B - Virtual size: 283B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 960B - Virtual size: 954B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53b0dfc4d638ac6462bc98ca7720ec15

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 40KB - Virtual size: 40KB

.data Size: 7KB - Virtual size: 7KB

PAGE Size: 288B - Virtual size: 283B

INIT Size: 960B - Virtual size: 954B

.reloc Size: 1024B - Virtual size: 1012B

.text
Size: 40KB - Virtual size: 40KB

.data
Size: 7KB - Virtual size: 7KB

PAGE
Size: 288B - Virtual size: 283B

INIT
Size: 960B - Virtual size: 954B

.reloc
Size: 1024B - Virtual size: 1012B